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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 05 May 2005 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E><] Claim(s) 1-7,9-15 and 17 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-7.9-15 and 17 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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2. D Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 



1. 



This Office Action is in response to the amendment filed 05/05/2005. 



2. 



Claims 1,10 and 17 were amended. 



3. 



Claims 8 and 16 are canceled. 



4. 



Claims 1-7, 9-15 and 17 are pending in this office action. 



Response to Amendment 



5. The rejection of Claim 10 under 35 U.S.C. 1 12, second paragraph, is withdrawn. 

6. Applicant's arguments filed 05/05/2005 have been fully considered. A new 
grounds of rejection is made in view of applicant's amendment and corresponding 
arguments. 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. 



8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



9. Claims 1-7, 9-15 and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent 6,519,703 by Joyce (Joyce) in view of U.S. Patent 



Claim Rejections - 35 USC § 103 



6,657,954 by Bird et al. (Bird). 
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10. With respect to Claim 1 , Joyce teaches an interface between a site and an 
external network for screening packets on the external network, each packet having an 
associated source address (Col. 2 lines 30-40 and Col. 4 lines 48-54), the interface 
comprising: a. an heuristic profiler for ascribing a characteristic value (Col. 2 lines 41- 
65) to each address on the external network (Col. 4 lines 14-21 and lines 44-60) based 
at least on prior activity associated with the address (Col. 3 lines 29-67 and Col. 4 lines 
44-60); b. a profiler for monitoring a load on the site (Col. 3 lines 29-37, Col. 3 lines 59- 
67, and Col. 4 lines 34-43) and c. a filter for selectively passing a particular packet from 
the external network to the site based at least on the characterizing value ascribed by 
the heuristic profiler to the source address associated with the particular packet (Col. 2 
lines 30-40 and Col. 3 lines 29-58) in relation to threshold values (Col. 3 lines 16-38, 
lines 23 and 24 specifically). 

While Joyce teaches a profiler and threshold values, Joyce does not explicitly 
disclose such a threshold value being set, on the basis of the profiler monitoring a load 
on the site. Bird teaches also teaches a profiler for monitoring a load on a site (Col. 6 
lines 39-59 and Col. 7 lines 1-39). The profiler can set a threshold value on the basis of 
the monitoring (Col. 6 line 39 - Col. 7 line 39). This allows for adaptive threshold values 
that are reflective of actual network conditions (Col. 6 lines 39-59). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to take the interface disclosed by Joyce and modify as indicated by 
Bird such that the interface further comprises a profiler for monitoring a load on the site 
and for setting, on the basis thereof, a threshold value; and a filter for selectively 
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passing a particular packet from the external network to the site based at least on the 
characterizing value ascribed by the heuristic profiler to the source address associated 
with the particular packet in relation to the threshold value set by the profiler. One 
would be motivated to have this, as there is need for a technique whereby threshold 
values can be dynamically adjusted to adapt to current network conditions (In Bird: Col. 
2 lines 53-60). 

1 1 . With respect to Claim 2, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches wherein the heuristic profiler ascribes a characteristic value to 
each known address on the external network based at least on characteristics of prior 
packets received by the site bearing the source address associated with the particular 
packet (Col. 3 lines 29-67 and Col. 4 lines 44-60). 

12. With respect to Claim 3, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches the site is a computer (In Joyce: Col. 3 lines 1-15 and Col. 7 lines 
6-16). 

1 3. With respect to Claim 4, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches the site is a local network of computers (In Joyce: Col. 3 lines 1- 
15 and Col. 7 lines 6-16). 

14. With respect to Claim 5, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches the site is a web server (In Joyce: Col. 3 lines 1-15 and Col. 7 
lines 6-16). 

1 5. Wth respect to Claim 6, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches further comprising a firewall in communication with the site, the 
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firewall interposed between the site and the network (In Joyce: Col. 2 lines 16-40 and 
Col. 3 lines 1-15). 

16. With respect to Claim 7, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches a load monitor for monitoring the traffic of packets between the 
network and the site relative to a specified nominal load (In Joyce: Col. 3 lines 29-67 
and Col. 4 lines 34-60). 

17. With respect to Claim 8, Joyce in view of Bird teaches all the limitations of Claim 
7 and further teaches filter selectively passes a particular packet based at least on the 
monitored traffic of packets (In Joyce: Col. 3 lines 29-67 and Col. 4 lines 34-60). 

18. With respect to Claim 9, Joyce in view of Bird teaches all the limitations of Claim 
1 and further teaches a history module for developing a time profile of observations of 
packets received from associated source addresses (In Joyce: Col. 3 lines 29-67 and 
Col. 4 lines 34-60). 

1 9. With respect to Claim 1 0, Joyce teaches a method for screening a flow of 
packets between a site and an external network each packet having an associated 
source address (Col. 2 lines 30-40 and Col. 4 lines 48-54), the interface comprising: a. 
ascribing a hierarchical value (Col. 2 lines 41-65) to a subset of addresses on the 
external network (Col. 4 lines 14-21 and lines 44-60) based at least on prior activity 
associated with each address of the subset (Col. 3 lines 29-67 and Col. 4 lines 44-60); 
b. monitoring a load on the site (Col. 3 lines 29-37, Col. 3 lines 59-67, and Col. 4 lines 
34-43); c. setting threshold values (Col. 3 lines 16-38, lines 23 and 24 specifically); and 
d. selectively passing packets from the external network to the site based at least on 
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any hierarchical value ascribed to the source address associated with each packet (Col. 
2 lines 30^0 and Col. 3 lines 29-58) in relation to the threshold values (Col. 3 lines 16- 
38, lines 23 and 24 specifically). 

While Joyce teaches monitoring and threshold values, Joyce does not explicitly 
disclose such a threshold value being set on the basis of the load. Bird teaches also 
teaches monitoring a load on a site (Col. 6 lines 39-59 and Col. 7 lines 1-39). A profiler 
can set a threshold value on the basis of the monitored load (Col. 6 line 39 - Col. 7 line 
39). This allows for adaptive threshold values that are reflective of actual network 
conditions (Col. 6 lines 39-59). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to take the method disclosed by Joyce and modify as indicated by 
Bird such that the method further comprises setting a threshold value on the basis of the 
load; and selectively passing packets from the external network to the site based at 
least on any hierarchical value ascribed to the source address associated with each 
packet in relation to the threshold value. One would be motivated to have this, as there 
is need for a technique whereby threshold values can be dynamically adjusted to adapt 
to current network conditions (In Bird: Col. 2 lines 53-60). 

20. With respect to Claim 1 1 , Joyce in view of Bird teaches all the limitations of Claim 
10 and further teaches checking each packet for compliance with specified protocol 
standards (In Joyce: Col. 3 lines 29-67 and Col. 4 lines 34-43). 
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21 . With respect to Claim 12, Joyce in view of Bird teaches all the limitations of Claim 
10 and further teaches developing a time profile of observations of packets received 
from associated source addresses (In Joyce: Col. 3 lines 29-67 and Col. 4 lines 34-60). 

22. With respect to Claim 1 3, Joyce in view of Bird teaches all the limitations of Claim 
10 and further teaches the step of monitoring the traffic of packets between the network 
and the site relative to a specified nominal load (In Joyce: Col. 3 lines 29-67 and Col. 4 
lines 34-60). 

23. With respect to Claim 14, Joyce in view of Bird teaches all the limitations of Claim 

13 and further teaches the step of setting a threshold standard based on the monitored 
traffic of packets between the network and the site (In Joyce: Col. 3 lines 16-67 with 
particular note of lines 20-25 and lines 61-67, and Col. 4 lines 34-60). 

24. With respect to Claim 1 5, Joyce in view of Bird teaches all the limitations of Claim 

14 and further teaches wherein the step of selectively passing packets from the external 
network to the site is based, at least in part, on the hierarchical value ascribed to the 
source address associated with each packet relative to the threshold standard (In 
Joyce: Col. 3 lines 16-67). 

25. With respect to Claim 1 7, Joyce teaches a computer program product for use on 
a computer system for screening data flow between an external network device and a 
local site (Col. 2 lines 30-40 and Col. 4 lines 48-54), the computer program product 
comprising a computer usable medium having computer readable program code 
thereon, the computer readable program code comprising: a. program code for 
ascribing a hierarchical value (Col. 2 lines 41-65) to a subset of addresses on the 
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external network (Col. 4 lines 14-21 and lines 44-60) based at least on prior activity 
associated with each address of the subset (Col. 3 lines 29-67 and Col. 4 lines 44-60); 
b. program code for monitoring a load on the local site (Col. 3 lines 29-37, Col. 3 lines 
59-67, and Col. 4 lines 34-43); and c. program code for selectively passing packets from 
the external network to the local site based at least on the hierarchical value ascribed to 
the source address associated with each packet (Col. 2 lines 30-40 and Col. 3 lines 29- 
58) in relation to threshold values (Col. 3 lines 16-38, lines 23 and 24 specifically). 

While Joyce teaches monitoring and threshold values, Joyce does not explicitly 
disclose such a threshold value being set on the basis of the monitoring of the load on 
the local site. Bird teaches also teaches monitoring a load on a site (Col. 6 lines 39-59 
and Col. 7 lines 1-39). A profiler can set a threshold value on the basis of the monitored 
load (Col. 6 line 39 - Col. 7 line 39). This allows for adaptive threshold values that are 
reflective of actual network conditions (Col. 6 lines 39-59). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to take the computer readable program code disclosed by Joyce 
and modify as indicated by Bird such that the computer readable program code further 
comprises program code for monitoring a load on the local site and for setting, on the 
basis thereof, a threshold value; and program code for selectively passing packets from 
the external network to the local site based at least on the hierarchical value ascribed to 
the source address associated with each packet in relation to the threshold value. One 
would be motivated to have this, as there is need for a technique whereby threshold 
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values can be dynamically adjusted to adapt to current network conditions (In Bird: Col. 
2 lines 53-60). 

Response to Arguments 

26. Applicant's arguments filed 05/05/2005 have been considered but are moot in 
view of the new ground(s) of rejection. Particularly, Applicant's argued that limitations, 
with regards to a threshold value set on the basis of a monitored load, were not taught 
by the Joyce reference. A new grounds of rejection has been made however, showing 
that such limitations are obvious in view of the Bird reference. 

Conclusion 

27. The prior art made of record and not relied upon is considered pertinent to • 
applicant's disclosure. 

28. U.S. Patent 5,936,939 by Des Jardins et al. "Digital network including early 
packet discard mechanism with adjustable threshold" August 10, 1999. Discloses an 
adaptive discard policy based on a degree of congestion over a selected period of time. 

29. U.S. Patent 6,836,800 by Sweet et al. "Managing computer resources" 
December 28, 2004. Discloses the determination of threshold values based on 
historical/temporal traffic conditions. 

30. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period/then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Lazaro whose telephone number is 571-272- 
3986. The examiner can normally be reached on 8:30-5:00 M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





David Lazaro 
July 26, 2005 



